4.4.x TOOLS uses a vulnerable Go version


    • Type: Bug
    • Resolution: Gone away
    • Priority: Minor - P4
    • 100.3.1
    • Affects Version/s: None
    • Component/s: All Tools
    • None

      Problem Statement/Rationale

      Customer runs a container security scan on the image and finds a critical Go vulnerability.

      CVE-2020-28367 | high | 7.50 | go | 1.13.10 | fixed in 1.15.5, 1.14.12 | > 8 months

      Steps to Reproduce

      Twistlock scan on associated Kubernetes operator deployment images

      Expected Results

      Pass with medium and low CVEs

      Actual Results

      CVE-2020-28367 | high | 7.50 | go | 1.13.10 | fixed in 1.15.5, 1.14.12 | > 8 months

      Additional Notes

      This is fixed in the latest MongoDB tools shipping with 5.x. The customer wants to know why we cannot re-compile with a better Go version and re-release.

            Assignee:
            Tim Fogarty
            Reporter:
            Priyo Lahiri (Inactive)
            Votes:
            0
            Watchers:
            3

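An added example (not part of the ticket and not MongoDB's code): the scanner row quoted above lists one fixed release per Go branch and none for the 1.13 branch, so a plain "is it older than 1.15.5" comparison would misjudge 1.14.12. The pipe-delimited row layout and all function names here are assumptions based on the single row quoted in the ticket.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample input: the scanner row quoted in the ticket.
const scanRow = "CVE-2020-28367 | high | 7.50 | go | 1.13.10 | fixed in 1.15.5, 1.14.12 | > 8 months"

// parseVer maps "1.14.12" to a sortable key (1014012); key/1000 is the branch.
func parseVer(s string) (int, error) {
	var major, minor, patch int
	if n, _ := fmt.Sscanf(strings.TrimSpace(s), "%d.%d.%d", &major, &minor, &patch); n < 2 {
		return 0, fmt.Errorf("bad version %q", s)
	}
	return major*1000000 + minor*1000 + patch, nil
}

// Affected: a fix on the installed branch decides; with none, any newer fixed release means affected.
func Affected(installed string, fixedIn []string) (bool, error) {
	cur, err := parseVer(installed)
	if err != nil {
		return false, err
	}
	affected := false
	for _, f := range fixedIn {
		fv, err := parseVer(f)
		if err != nil {
			return false, err
		}
		if fv/1000 == cur/1000 {
			return cur < fv, nil
		}
		affected = affected || cur < fv
	}
	return affected, nil
}

// CheckRow evaluates one scanner row; the column order is assumed from the ticket's row.
func CheckRow(row string) (bool, error) {
	f := strings.Split(row, "|")
	if len(f) < 6 {
		return false, fmt.Errorf("unexpected row %q", row)
	}
	fixed := strings.TrimPrefix(strings.TrimSpace(f[5]), "fixed in ")
	return Affected(f[4], strings.Split(fixed, ","))
}

func main() { fmt.Println(CheckRow(scanRow)) }
```

The installed version fed to such a check can be read from a built binary with `go version <path-to-binary>`, which prints the toolchain version the binary was compiled with.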